Back to skill
Skillv1.0.0
VirusTotal security
龙港求职技能 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:32 AM
- Hash
- eb478b1b89188786ae622bb223d079294e0982dcfdb0af122eb199e5fd8a069a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: longgang-job-hunter Version: 1.0.0 The skill is classified as suspicious due to a critical security vulnerability: the `crawl.js` file contains hardcoded SMTP credentials (username `450733414@qq.com` and password `okjybcgpuprncbah`) for sending emails via `smtp.qq.com`. While the skill's stated purpose is to send job search results, exposing these credentials allows anyone with access to the skill bundle to compromise and use this specific email account for unauthorized sending. This constitutes a severe vulnerability, though it does not show clear intent to maliciously attack the user's system or exfiltrate their personal data beyond the job search results themselves.
- External report
- View on VirusTotal